Straight, gay or bi? If you thought the answer to this question was a private affair between you and your sexual partners, perish the thought.
A direct attack on privacy, new rules allow the government to demand and get “sensitive personal data or information” of consumers from companies. This includes sexual orientation, medical records and history, biometric information, passwords, physical and mental health.
Worse, there is no liability on the government if this personal information is misused by the government or anybody else who gets this access through it.
“There are chances of misuse as the rules are silent on the liability and responsibility of the government if this information is disclosed,” said cyber law expert Pawan Duggal.
“Though there is a provision that government agencies shall not share such information with any person, there is no liability clause in case the information reaches a third person through them or is misused.”
The rules go beyond the scope of the Information Technology Act. “Rather than having a detailed data protection law duly passed by Parliament, the government is trying to come up with a backdoor measure through secondary rules and regulations,” said Duggal.
The department of IT denied the rules could be misused. “Any agency receiving such information has to give an undertaking that the information won’t be published or shared with any other person,” it said in a release on Wednesday.
This is similar to information sought under the Income Tax Act, under which the government can get bank account details, credit or debit card details and so on from banks, all of which are being bundled into this rule.
Additionally, under the Code of Criminal Procedure, a police officer investigating a case can collect any personal information of the accused for the purposes of the probe.